CVE-2017-5849 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5849): tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values.
netpbm maintainer (Bryan Henderson) is on the upstream bug, so going to wait for them to sort it out
(In reply to SpanKY from comment #1) > netpbm maintainer (Bryan Henderson) is on the upstream bug, so going to wait > for them to sort it out new upstream links: https://gitlab.com/libtiff/libtiff/-/issues/76 https://gitlab.com/libtiff/libtiff/-/issues/77